none
upload file control should not accept any exe and dll files or any virus files RRS feed

  • Question

  • Hi Team,

    Am Working on custom web part but the requirement as follows

                           it should not accept any exe or dll files while uploading it should find it the content type

                           it should accept the doc/docx, xls/xlsx, text, jpeg, gif files.

    please let us know how to do using C#.

    Thanks


    Srinivas


    Monday, October 24, 2016 12:38 AM

Answers

  • Hi,

    Few points to note, 

    It looks the method isExeFile is not working.

    Why don't you use the least effort on checking the file extension instead of writing the code that has a huge cost on process and server ?

    Example :

    string FileExtension = FileUploadCtrl.PostedFile.FileName.Split('\\').Last().Split('.')[1];

    Are you trying to implement the "SharePoint" way webpart or just an ASP.NET custom webpart ?

    Again, Are you using the IIS express to view the ASPX page that host your ASCX control, when it working fine?

    The same will not work in IIS as there no permission on the user/program than uploads the file to Server's physical file location, and als as there is a default restriction for the .exe and .dll file through governed by the IIS application host file.

    To make your program work, first let the IIS to upload these file and then your program starts to restricts it.

    Go to add the exe and .dll file those accepted by IIS

    C:\Windows\System32\inetsrv\config\applicationHost.config

    under requestingfiltering

    <add fileExtension=".exe" allowed="true" /><add fileExtension=".dll" allowed="true" />

    For the best practice, you shouldn't do this on PROD server.

    And also there is restriction around Request URL length and bytes length, watch them in your code or in IIS Config settings.

    It looks like the question not related to SharePoint,any moderator can validate and move to appropriate target audience forum.

    Happy Diwali and Happy Coding..


    Murugesa Pandian | MCPD | MCTS | SharePoint 2010 |








    Sunday, October 30, 2016 4:24 AM

All replies

  • Hi Srinivas,

    You need to have an anti-virus software product to validate if the file has the virus.

    http://stackoverflow.com/questions/4520499/run-a-virus-scan-while-uploading-files-in-asp-net

    For the specific files to uploaded you can always check the type of files that being uploaded.

    http://stackoverflow.com/questions/9799166/how-to-accept-files-with-specified-content-type-accross-the-operating-system


    SharePoint School | Blog- http://www.sharepoint-journey.com

    Monday, October 24, 2016 4:21 AM
    Moderator
  • Hi Devendra,

    Thanks for Reply, but I am writing following way its working in server where as once hosted in web its not working please let me know what is a issue

    if (!IsExeFile(ReadAllBytes(postedFile.FileName)))                      
                            {
                               extension = System.IO.Path.GetExtension(postedFile.FileName).ToLower();
                             
                                if (ContentTypeList.Contains(extension) != null || extension != string.Empty)
                                {
                                   
                                    mimeType = ContentTypeList.Contains(extension).MimeType;

                                    if (mimeType != string.Empty)
                                    {
                                        maxLength = Framework.Global.ContentTypeList.Contains(extension).Size;
                                        uploadFile = true;
                                    }
                                }
                            }

      private static byte[] SubByteArray(byte[] data, int index, int length)
            {
                byte[] result = new byte[length];
               
                Array.Copy(data, index, result, 0, length);
               
                return result;
            }
          
      
       public static bool IsExeFile(byte[] FileContent)
            {
                var twoBytes = SubByteArray(FileContent, 0, 2);
                return ((Encoding.UTF8.GetString(twoBytes) == "MZ") || (Encoding.UTF8.GetString(twoBytes) == "ZM"));
            }


    Srinivas




    Thursday, October 27, 2016 3:52 PM
  • Can you provide more details on where you are hosting this? Also please add the logging to the code so you can check which part of executing and not executing which will help further to troubleshoot the code. 

    SharePoint School | Blog- http://www.sharepoint-journey.com

    Friday, October 28, 2016 5:21 AM
    Moderator
  • Hi Devendra,

    I am working on ASP.Net page and above code I am using in one acsx control and when ran the VS solution its working fine but when its hosted in IIS, the code is not reading file.

    Please let me know what might be issue.

    Thanks


    Srinivas

    Friday, October 28, 2016 10:30 AM
  • Hi,

    Few points to note, 

    It looks the method isExeFile is not working.

    Why don't you use the least effort on checking the file extension instead of writing the code that has a huge cost on process and server ?

    Example :

    string FileExtension = FileUploadCtrl.PostedFile.FileName.Split('\\').Last().Split('.')[1];

    Are you trying to implement the "SharePoint" way webpart or just an ASP.NET custom webpart ?

    Again, Are you using the IIS express to view the ASPX page that host your ASCX control, when it working fine?

    The same will not work in IIS as there no permission on the user/program than uploads the file to Server's physical file location, and als as there is a default restriction for the .exe and .dll file through governed by the IIS application host file.

    To make your program work, first let the IIS to upload these file and then your program starts to restricts it.

    Go to add the exe and .dll file those accepted by IIS

    C:\Windows\System32\inetsrv\config\applicationHost.config

    under requestingfiltering

    <add fileExtension=".exe" allowed="true" /><add fileExtension=".dll" allowed="true" />

    For the best practice, you shouldn't do this on PROD server.

    And also there is restriction around Request URL length and bytes length, watch them in your code or in IIS Config settings.

    It looks like the question not related to SharePoint,any moderator can validate and move to appropriate target audience forum.

    Happy Diwali and Happy Coding..


    Murugesa Pandian | MCPD | MCTS | SharePoint 2010 |








    Sunday, October 30, 2016 4:24 AM